Recent events have fueled questions about the national security implications of digital assets. In this primer, BPI Fellow Matthew Pines breaks down the key facts around ransomware, illicit finance, and sanctions evasion.
1. The U.S. government has a national security interest in using lawful authorities to counter criminal groups and other malign actors that leverage new monetary technologies for destructive ransomware attacks and illicit finance activities. However, the harms from these technologies must be balanced against their positive effects in a manner consistent with how society makes similar trade-offs between core values (such as privacy and freedom of expression) and national security.
2. The term “cryptocurrency” encompasses a vast space of different technologies that have distinct potential risks, benefits, and national security implications. Smart policy should account for these differences as well as the fast changing nature of the industry.
3. Major exchanges maintain strict compliance with U.S. and other jurisdictions’ banking regulation and sanctions regimes. Cryptocurrency monitoring companies cooperate closely with law enforcement, using advanced tools and the inherent transparency of blockchains to flag violations in real time.
4. As a globally distributed digital settlement system, Bitcoin allows anyone to transfer value peer-to-peer without centralized intermediaries. While Pro-Russian groups have raised ~$2.2 million, Pro-Ukraine groups have raised ~$135.7 million in digital assets since the start of the war.,
5. Revanchist powers (aligned as a quasi-Axis of Authoritarians) are challenging the US-led geopolitical order and monetary system, which is burdened by high debt and inflation.
6. Great powers are engaged in escalating economic war: Russia is weaponizing energy and food, China its ports and overseas assets, and the U.S. its control of the dollar-system.
Criminal groups (some state-sponsored) have dramatically increased the scale, sophistication, and severity of ransomware operations. As a result, attacks are becoming more frequent and the payouts (demanded in cryptocurrency) are growing.
• The U.S. National Security Council is focused on this issue and has directed a whole of government approach to counter ransomware groups and bolster public and private sector resilience to attacks.
• The Colonial Pipeline ransomware incident in May 2021 elevated this topic from a cybersecurity-specific issue to a high-priority national security issue.
• Unlike Bitcoin (whose transparent ledger makes transactions trivial to track), AECs like Monero are designed for privacy, obscuring all transactions from public view. As a result, some ransomware groups charge a premium (~10-20%) for Bitcoin vs. Monero, with the latter denominating the majority of ransomware demands.
• DHS and the IRS have put out contracts for firms that claim to be able to potentially track Monero transactions, but the specific technical capabilities are not public.
Cryptocurrency-based crime hit a new all-time high in 2021, with illicit addresses receiving $14 billion over the course of the year, but the market correction in the first half of 2022 has seen illicit transaction volumes falling 15% y-o-y (Figure 1).
In April 2022, U.S. and German law enforcement conducted a joint operation to take down and sanction Hydra, the largest Darknet market, as well as a Russian crypto exchange. As a result, Darknet market revenue is also down significantly in 2022, and is currently 43% lower than where it was through July in 2021 (Figure 2).
• In addition to Darknet revenue, revenue from cryptocurrency scams are also falling, with the cumulative number of individual transfers to scams so far in 2022 the lowest since 2018. As the market has matured in recent years, the number of inexperienced users has likely fallen, making participants somewhat less susceptible to scams, which have cost naive users in billions in fraud in previous years.
• However, revenue from hacking and theft are on the rise, principally driven by the dramatic increase in funds stolen from decentralized finance (“DeFi”) protocols. This portion of the crypto-ecosystem inherits the “move fast and break things” ethos of silicon valley and their open source code is a ripe target for hackers to exploit and reap very large bounties.
• The Lazarus Group (a hacking group controlled by the North Korean intelligence service) is the dominant exploiter of DeFi protocols, stealing an estimated $1 billion from these insecure projects in the first half of 2022 alone. Their use of the Ethereum-based mixer Tornado Cash to launder their stolen assets led OFAC to issue an unprecedented sanction of smart contract public addresses (in addition to the standard entity and property designations on the SDN list), an act that precipitated widespread consternation in the crypto-community and will likely be challenged in U.S. court.
It has been a common refrain that Bitcoin is a useful tool for rogue nations and entities to evade U.S. sanctions. This concern was raised in the immediate aftermath of Russia’s invasion of Ukraine, but thus far, no significant use of Bitcoin to evade sanctions has materialized.
• On March 2, 2022, Attorney General Merrick Garland announced the launch of Task Force KleptoCapture, an interagency law enforcement task force dedicated to enforcing sanctions and restrictions placed in response to Russia's actions in Ukraine. The mission of the Task Force will specifically include "targeting efforts to use cryptocurrency to evade U.S. sanctions, launder proceeds of foreign corruption, or evade US responses to Russian military aggression."
• OFAC issued guidance in an FAQ released on March 11, 2022, confirming that compliance with the expansive Russian sanctions is required "regardless of whether a transaction is denominated in traditional fiat currency or virtual currency."
• FinCEN states that it is unlikely that the Russian government can use cryptocurrency to mitigate or circumvent the impact of sanctions in any meaningful way, finding that "large scale sanctions evasion using CVC by a government such as the Russian Federation is not necessarily practicable."
• Additionally, FinCEN Acting Director Him Das said the agency had "not seen widespread evasion of our sanctions using methods such as cryptocurrency."
• This echoes the sentiment expressed by Carol House, Director of Cybersecurity at the National Security Council, when she stated, "[t]he scale that the Russian state would need to successfully circumvent all U.S. and partners' financial sanctions would almost certainly render cryptocurrency as an ineffective primary tool for the state."
• U.S. Treasury officials themselves “are not overly worried about crypto undermining the effort to choke off the Kremlin’s access to capital. Laundering large amounts of money through a dizzying array of digital wallets and exchanges is expensive, time-consuming and would likely be visible in the broader crypto market, given the massive investment portfolios of individuals and institutions named in the sanctions.''
